# Privacy Policy for TŌŌL
**Last Updated:** 11/14/2025
**Effective Date:** 11/14/2025
---
## 1. Introduction
TŌŌL ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
By using TŌŌL, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the App.
---
## 2. Information We Collect
### 2.1 Personal Information You Provide
When you register and use our App, we collect:
- **Account Information**: Email address, first name, last name
- **Profile Information**: Age, gender (optional), profile icon selection
- **Authentication Data**: Encrypted passwords and login credentials
### 2.2 Health and Usage Data
- **Nicotine Tracking Data**: Amount of nicotine consumed (in mg), timestamps, frequency of use
- **Journal Entries**: Optional notes about cravings, feelings, and personal observations
- **Achievement Data**: Milestones reached, streaks, and progress metrics
- **Health Metrics**: With your explicit consent, we may access HealthKit data including:
  - Respiratory rate
  - Heart rate and heart rate variability
  - Blood oxygen saturation
  - VO2 Max
  - Sleep analysis
  - Physical activity data
  - Mental health indicators (mindful minutes)
  - Step count and active energy
- HealthKit data is read from your device and displayed within the App. We do not store or process HealthKit data on our servers. HealthKit data remains on your device and in your iCloud per Apple's policies.
### 2.3 Community and Social Features
If you choose to use community features:
- **Community Profile**: Display name, profile icon, privacy settings
- **Messages**: Chat messages in public forums, private forums, and direct messages
- **Social Interactions**: Friend requests, connections, reactions to messages
- **User-Generated Content**: Posts, comments, and shared encouragement
### 2.4 Therapeutic Chat Data
- **AI Conversations**: Messages you send to our AI therapeutic chat feature
- **Chat History**: Previous conversations for context and personalization
- **Conversation Metadata**: Timestamps, conversation topics (non-identifiable)
### 2.5 Technical and Device Information
- **Device Information**: Device type, operating system version, app version
- **Usage Analytics**: Features used, session duration, navigation patterns
- **Push Notification Tokens**: Firebase Cloud Messaging (FCM) tokens for notifications
- **Crash Reports**: Anonymous crash logs and error reports for app stability
### 2.6 Information We Do NOT Collect
- We do NOT collect precise geolocation data
- We do NOT collect browsing history outside the App
- We do NOT collect financial or payment information
---
## 3. How We Use Your Information
### 3.1 Primary Purposes
We use collected information to:
- **Provide Core Services**: Track your nicotine reduction journey and progress
- **Personalize Experience**: Customize goals, recommendations, and insights
- **Enable Social Features**: Connect you with community members
- **Send Notifications**: Deliver reminders, achievements, and motivational messages
- **Provide Support**: Offer AI-powered therapeutic chat and guidance
- **Health Integration**: Display HealthKit data to show health improvements
### 3.2 Analytics and Improvement
- Analyze usage patterns to improve app features and user experience
- Generate anonymized, aggregated statistics about app effectiveness
- Identify and fix technical issues and bugs
- Develop new features based on user needs
### 3.3 Communications
- Send important service announcements and updates
- Respond to your inquiries and support requests
- Deliver push notifications you've opted into
### 3.4 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and prevent harm
- Enforce our Terms of Service and protect user safety
---
## 4. Data Storage and Security
### 4.1 Where Your Data is Stored
Your data is stored using Google Firebase, a secure cloud platform that employs industry-standard security measures. Firebase servers are located in the United States and may be processed in other countries where Firebase operates.
### 4.2 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- **Encryption**: Data is encrypted in transit (TLS/SSL) and at rest
- **Authentication**: Secure user authentication via Firebase Authentication
- **Access Controls**: Role-based access restrictions and database security rules
- **Regular Security Audits**: Ongoing monitoring and security assessments
- **Secure APIs**: All third-party integrations use secure, authenticated connections
### 4.3 Data Retention
- **Active Accounts**: We retain your data as long as your account is active
- **Inactive Accounts**: We may retain your data only as long as necessary to provide the App’s services, comply with legal obligations, resolve disputes, and enforce our agreements. Upon account deletion, personal data is deleted or anonymized unless retention is required by law
- **Legal Requirements**: We may retain certain data longer if required by law
- **Backups**: Backup copies may persist for up to 90 days after deletion
---
## 5. Data Sharing and Disclosure
### 5.1 Service Providers
We share data with trusted third-party service providers who assist in operating our App:
- **Firebase (Google)**: Cloud database, authentication, analytics, and hosting
- **OpenAI**: AI-powered therapeutic chat functionality (messages are sent to OpenAI API)
- **Apple HealthKit**: Health data integration (only with your explicit permission)
These providers are contractually obligated to protect your data and use it only for providing services to us.
### 5.2 Community Features
If you choose to participate in community features:
- Your **display name** and **profile icon** may be visible to other users based on your privacy settings
- **Public forum messages** are visible to all app users
- **Private forum messages** are visible only to forum participants
- **Direct messages** are visible only to you and your friend(s)
### 5.3 Legal Requirements
We may disclose your information if required by law or if we believe disclosure is necessary to:
- Comply with legal obligations, court orders, or government requests
- Protect our rights, property, or safety, or that of our users
- Prevent fraud, security issues, or technical problems
- Enforce our Terms of Service
### 5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice in the App before your data is transferred.
---
## 6. Your Privacy Rights and Choices
### 6.1 Access and Control
You have the right to:
- **Update Information**: Modify your profile, settings, and selected preferences at any time
- **Delete Information**: You may request deletion of your account and all associated data by contacting us or using the in-app "Delete Account" option (if available)
### 6.2 Regional Rights
**For EU/EEA Residents (GDPR):**
- Right to access, rectify, erase, restrict processing, data portability, and object to processing
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
- We retain your data only as long as necessary to provide the Service, comply with legal obligations, prevent fraud, resolve disputes, and enforce our agreements. When data is no longer needed, it is deleted or anonymized
- You may request deletion of your account and associated data by emailing burdellinnovations@gmail.com or using the in-app ‘Delete Account’ feature (if available)
**For California Residents (CCPA):**
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising your rights
- TŌŌL does not and will not sell your personal data to third parties, including your identity data, analytics data, HealthKit data, usage data, or any other information collected within the App.
**For All Users:**
Contact us at burdellinnovations@gmail.com to exercise any of these rights.
---
## 7. Children's Privacy (COPPA Compliance)
TŌŌL is intended for users aged 18 and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EU). If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at burdellinnovations@gmail.com, and we will delete such information.
---
## 8. Third-Party Services
### 8.1 OpenAI API
Our therapeutic chat feature uses OpenAI's API. When you use this feature:
- Your messages are sent to OpenAI for processing
- OpenAI's Privacy Policy applies to this data: https://openai.com/privacy
- We do not control OpenAI's data practices and are not responsible for their services.
- Conversations may be used by OpenAI to improve their services per their terms
- The AI chat feature is not a substitute for professional therapy or medical advice. It provides general wellness support only and should not be used for mental health diagnosis, crisis support, or clinical treatment.
### 8.2 Apple HealthKit
HealthKit data:
- Is ONLY accessed with your explicit permission
- Is stored locally on your device and in iCloud (per Apple's policy)
- Is NOT stored on our servers or shared with third parties
- Can be revoked at any time through iOS Health app settings
- Is governed by Apple's Health app privacy policies
- Is not used for marketing, advertising, or data mining, and is never shared with third parties
### 8.3 Firebase (Google)
Firebase services we use:
- **Authentication**: Secure login and user management
- **Firestore Database**: Cloud data storage
- **Cloud Functions**: Backend processing
- **Cloud Messaging**: Push notifications
- **Analytics**: App usage analytics (anonymized)
Google Firebase Privacy Policy: https://firebase.google.com/support/privacy
---
## 9. International Data Transfers
If you are accessing TŌŌL from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.
By using our App, you consent to the transfer of your information to countries outside of your country of residence, which may have different data protection laws.
For EU/EEA users, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Your explicit consent where required
---
## 10. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours (or as required by law)
- Provide details about the breach and data affected
- Explain steps we're taking to address the breach
- Recommend actions you can take to protect yourself
- Notify relevant authorities as required by law
---
## 11. Cookies and Tracking Technologies
### 11.1 What We Use
- **Session Tokens**: To keep you logged in securely
- **Local Storage**: To cache app data for offline functionality
- **Analytics Identifiers**: Anonymous identifiers for Firebase Analytics
- **FCM Tokens**: For delivering push notifications
### 11.2 What We Don't Use
- We do NOT use advertising cookies
- We do NOT use cross-site tracking
- We do NOT use behavioral advertising pixels
- We do not use third-party advertising networks
- We do not collect the IDFA or any advertising identifiers
---
## 12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.
We encourage you to review this Privacy Policy periodically.
---
## 13. Your Consent
By using TŌŌL, you consent to:
- The collection and use of information as described in this Privacy Policy
- The processing of your health data for app functionality (where you have given explicit consent)
- The use of third-party services (Firebase, OpenAI, Apple HealthKit) as described
- The storage of your data in the United States and other countries where our service providers operate
- The application of our Terms of Service (available at: https://www.toolapp.net/app-terms-of-service)
---
## 14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
**Email**: burdellinnovations@gmail.com
---
## 15. Dispute Resolution
For EU/EEA residents, you have the right to lodge a complaint with your local data protection authority.
For US residents, disputes will be resolved in accordance with our Terms of Service.
---
## 16. Acknowledgment
By creating an account and using TŌŌL, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.
---
## Appendix B: Third-Party Services
| Service | Purpose | Data Shared | Privacy Policy |
|---------|---------|-------------|----------------|
| Firebase (Google) | Backend, database, auth | Account, usage, device data | [Firebase Privacy](https://firebase.google.com/support/privacy) |
| OpenAI | AI chat | Chat messages | [OpenAI Privacy](https://openai.com/privacy) |
| Apple HealthKit | Health integration | Health metrics (local only) | [Apple Privacy](https://www.apple.com/privacy/) |
---
## Appendix C: Compliance Frameworks
This Privacy Policy is designed to, but may not fully, comply with:
- ✅ General Data Protection Regulation (GDPR) - EU
- ✅ California Consumer Privacy Act (CCPA) - California, USA
- ✅ Children's Online Privacy Protection Act (COPPA) - USA
- ✅ Health Insurance Portability and Accountability Act (HIPAA) considerations*
- ✅ Apple App Store Privacy Guidelines
*Note: TŌŌL is a wellness app, not a medical device. While we handle health-related data responsibly, we are not a HIPAA-covered entity. Consult your attorney for HIPAA compliance requirements.
*Note: TŌŌL is not a HIPAA-covered entity, and HIPAA protections do not apply to data you enter into the App.
---
**END OF PRIVACY POLICY**

